Article 29 GDPR — enforcement
Cited in 30 decisions · €12.8M total fines · median €40,000 · top authority: 🇪🇺Italian Data Protection Authority (Garante) (11)
| Date ↓ | Company / party | Authority | Articles | Fine |
|---|---|---|---|---|
| 2021-11-26 | Valoris Center S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €2,000 |
| 2021-09-16 | Sky Italia S.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 12 | €3,296,326 |
| 2021-04-19 | Lugera & Makler Broker S.R.L. Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €1,500 |
| 2021-02-10 | ING Bank N.V. Amsterdam - Bucharest office Insufficient technical and organisational measures to ensure information security | 🇪🇺 Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) | Art. 29Art. 32 | €1,000 |
| 2020-07-13 | Merlini s.r.l. Insufficient legal basis for data processing | 🇪🇺 Italian Data Protection Authority (Garante) | Art. 5Art. 6Art. 7Art. 28 | €200,000 |
← previous 26–30 of 30